ben
/
mgmt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
mgmt/docs/consul-provider-integration.md

169 lines
4.0 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Terraform Consul Provider 集成指南
本指南说明如何使用Terraform Consul Provider直接从Consul获取Oracle Cloud配置无需手动保存私钥到临时文件。
## 集成概述
我们已经将Terraform Consul Provider集成到现有的Terraform配置中实现了以下功能
1. 直接从Consul获取Oracle Cloud配置包括tenancy_ocid、user_ocid、fingerprint和private_key
2. 自动将从Consul获取的私钥保存到临时文件
3. 使用从Consul获取的配置初始化OCI Provider
4. 支持多个区域(韩国和美国)的配置
## 配置结构
### 1. Consul中的配置存储
Oracle Cloud配置存储在Consul的以下路径中
- 韩国区域:`config/dev/oracle/kr/`
- `tenancy_ocid`
- `user_ocid`
- `fingerprint`
- `private_key`
- 美国区域:`config/dev/oracle/us/`
- `tenancy_ocid`
- `user_ocid`
- `fingerprint`
- `private_key`
### 2. Terraform配置
#### Provider配置
```hcl
# Consul Provider配置
provider "consul" {
address = "localhost:8500"
scheme = "http"
datacenter = "dc1"
}
```
#### 数据源配置
```hcl
# 从Consul获取Oracle Cloud配置
data "consul_keys" "oracle_config" {
key {
name = "tenancy_ocid"
path = "config/dev/oracle/kr/tenancy_ocid"
}
key {
name = "user_ocid"
path = "config/dev/oracle/kr/user_ocid"
}
key {
name = "fingerprint"
path = "config/dev/oracle/kr/fingerprint"
}
key {
name = "private_key"
path = "config/dev/oracle/kr/private_key"
}
}
```
#### OCI Provider配置
```hcl
# 使用从Consul获取的配置的OCI Provider
provider "oci" {
tenancy_ocid = data.consul_keys.oracle_config.var.tenancy_ocid
user_ocid = data.consul_keys.oracle_config.var.user_ocid
fingerprint = data.consul_keys.oracle_config.var.fingerprint
private_key = file(var.oci_config.private_key_path)
region = "ap-chuncheon-1"
}
```
## 使用方法
### 1. 确保Consul正在运行
```bash
# 检查Consul是否运行
pgrep consul
```
### 2. 确保Oracle Cloud配置已存储在Consul中
```bash
# 检查韩国区域配置
consul kv get config/dev/oracle/kr/tenancy_ocid
consul kv get config/dev/oracle/kr/user_ocid
consul kv get config/dev/oracle/kr/fingerprint
consul kv get config/dev/oracle/kr/private_key
# 检查美国区域配置
consul kv get config/dev/oracle/us/tenancy_ocid
consul kv get config/dev/oracle/us/user_ocid
consul kv get config/dev/oracle/us/fingerprint
consul kv get config/dev/oracle/us/private_key
```
### 3. 初始化Terraform
```bash
cd /root/mgmt/tofu/environments/dev
terraform init -upgrade
```
### 4. 运行测试脚本
```bash
# 从项目根目录运行
/root/mgmt/test_consul_provider.sh
```
### 5. 使用Consul配置运行Terraform
```bash
cd /root/mgmt/tofu/environments/dev
terraform plan -var-file=consul.tfvars
terraform apply -var-file=consul.tfvars
```
## 优势
使用Consul Provider直接从Consul获取配置有以下优势
1. **更高的安全性**私钥不再需要存储在磁盘上的临时文件中而是直接从Consul获取并在内存中使用
2. **更简洁的配置**无需手动创建临时文件Terraform直接处理私钥内容
3. **声明式风格**完全符合Terraform的声明式配置风格
4. **更好的维护性**配置集中存储在Consul中便于管理和更新
5. **多环境支持**可以轻松支持多个环境dev、staging、production的配置
## 故障排除
### 1. Consul连接问题
如果无法连接到Consul请检查
- Consul服务是否正在运行
- Consul地址和端口是否正确默认为localhost:8500
- 网络连接是否正常
### 2. 配置获取问题
如果无法从Consul获取配置请检查
- 配置是否已正确存储在Consul中
- 路径是否正确
- 权限是否足够
### 3. Terraform初始化问题
如果Terraform初始化失败请检查
- Terraform版本是否符合要求>=1.6
- 网络连接是否正常
- Provider源是否可访问
## 版本信息
- Terraform: >=1.6
- Consul Provider: ~2.22.0
- OCI Provider: ~5.0
Reference in New Issue View Git Blame Copy Permalink